Adidas Data Breach Reminds Us about Password Security

Identity theft and fraud can occur in many different ways, so it’s not something that anyone person can fully prevent. However, there are a lot of things consumers can do to minimize their risk, starting with what might be the easiest step of all: password security. The word “security” rarely means “easy,” but when it comes to implementing a strong, unique password, it absolutely is simple if you follow key guidelines. Strong passwords are those that contain a long string of characters, ones that include uppercase letters, lowercase letters, numbers, and symbols. It’s also important that the strong password does not contain a variation of your name, the website or company name, or easily guessed words or slogans. Making a strong password might be the easy part, especially since many platforms now require you to use a certain number of characters, or remind you to include a number or symbol. The real problem for consumers is in reusing those passwords, in other words, not making them unique. If you make a really great, strong password then reuse it on other websites, you may be no better off than if you’d used “password” as your password (like so many people actually do). A recent data breach incident involving Adidas US’s website serves as proof of that. “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords,” the company said in its announcement. “Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted.” Once a hacker gains access to a trove of account information for millions of consumers—as may have occurred in this incident, which is still under investigation—any username and password combinations that were stolen can be used on other sites. The hacker gets your username (which is quite often your email address) and password from the Adidas breach then tries it on Amazon, iTunes, PayPal, Yahoo and Gmail, and popular banking websites. If you’ve reused your password, they just got in.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.